If you are upgrading an application from CakePHP 2.x, data encrypted in 2.x is
not compatible with openssl. This is because the encrypted data is not fully AES
compliant. If you don’t want to go through the trouble of re-encrypting your
data, you can force CakePHP to use mcrypt using the engine() method:

// In config/bootstrap.phpuseCake\Utility\Crypto\Mcrypt;Security::engine(newMcrypt());

The above will allow you to seamlessly read data from older versions of CakePHP,
and encrypt new data to be compatible with OpenSSL.